import _ from "lodash"; /** * Sanitize SQL function * ============================================================================== * @description this function takes in a text(or number) and returns a sanitized * text, usually without spaces */ function sanitizeSql(text: any, spaces?: boolean, regex?: RegExp | null): any { if (!text) return ""; if (typeof text == "number" || typeof text == "boolean") return text; if (typeof text == "string" && !text?.toString()?.match(/./)) return ""; if (typeof text == "object" && !Array.isArray(text)) { const newObject = sanitizeObjects(text, spaces); return newObject; } else if (typeof text == "object" && Array.isArray(text)) { const newArray = sanitizeArrays(text, spaces); return newArray; } let finalText = text; if (regex) { finalText = text.toString().replace(regex, ""); } if (spaces) { } else { finalText = text .toString() .replace(/\n|\r|\n\r|\r\n/g, "") .replace(/ /g, ""); } const escapeRegex = /select |insert |drop |delete |alter |create |exec | union | or | like | concat|LOAD_FILE|ASCII| COLLATE | HAVING | information_schema|DECLARE |\#|WAITFOR |delay |BENCHMARK |\/\*.*\*\//gi; finalText = finalText .replace(/(? { const value = objectUpdated[key]; if (!value) { delete objectUpdated[key]; return; } if (typeof value == "string" || typeof value == "number") { objectUpdated[key] = sanitizeSql(value, spaces); } else if (typeof value == "object" && !Array.isArray(value)) { objectUpdated[key] = sanitizeObjects(value, spaces); } else if (typeof value == "object" && Array.isArray(value)) { objectUpdated[key] = sanitizeArrays(value, spaces); } }); return objectUpdated; } /** * Sanitize Objects Function * ============================================================================== * @description Sanitize objects in the form { key: "value" } * * @param {any[]} array - Database Full Name * @param {boolean} [spaces] - Allow spaces * * @returns {string[]|number[]|object[]} */ function sanitizeArrays( array: any[], spaces?: boolean ): string[] | number[] | object[] { let arrayUpdated = _.cloneDeep(array); arrayUpdated.forEach((item, index) => { const value = item; if (!value) { arrayUpdated.splice(index, 1); return; } if (typeof item == "string" || typeof item == "number") { arrayUpdated[index] = sanitizeSql(value, spaces); } else if (typeof item == "object" && !Array.isArray(value)) { arrayUpdated[index] = sanitizeObjects(value, spaces); } else if (typeof item == "object" && Array.isArray(value)) { arrayUpdated[index] = sanitizeArrays(item, spaces); } }); return arrayUpdated; } export default sanitizeSql;